runsc: set up a minimal chroot from the sandbox process

In this case, new mounts are not created in the host mount namspaces, so
tearDownChroot isn't needed, because chroot will be destroyed with a
sandbox mount namespace.

In additional, pivot_root can't be called instead of chroot.

PiperOrigin-RevId: 229250871
Change-Id: I765bdb587d0b8287a6a8efda8747639d37c7e7b6

1 files changed, 24 insertions, 2 deletions

diff --git a/runsc/cmd/cmd.go b/runsc/cmd/cmd.go
index a1c3491a3..fbfc18fc9 100644
--- a/runsc/cmd/cmd.go
+++ b/runsc/cmd/cmd.go
@@ -86,6 +86,28 @@ func setCapsAndCallSelf(args []string, caps *specs.LinuxCapabilities) error {
 	}
 
 	log.Infof("Execve %q again, bye!", binPath)
-	syscall.Exec(binPath, args, []string{})
-	panic("unreachable")
+	err = syscall.Exec(binPath, args, []string{})
+	return fmt.Errorf("error executing %s: %v", binPath, err)
+}
+
+// callSelfAsNobody sets UID and GID to nobody and then execve's itself again.
+func callSelfAsNobody(args []string) error {
+	// Keep thread locked while user/group are changed.
+	runtime.LockOSThread()
+	defer runtime.UnlockOSThread()
+
+	const nobody = 65534
+
+	if _, _, err := syscall.RawSyscall(syscall.SYS_SETGID, uintptr(nobody), 0, 0); err != 0 {
+		return fmt.Errorf("error setting uid: %v", err)
+	}
+	if _, _, err := syscall.RawSyscall(syscall.SYS_SETUID, uintptr(nobody), 0, 0); err != 0 {
+		return fmt.Errorf("error setting gid: %v", err)
+	}
+
+	binPath := "/runsc"
+
+	log.Infof("Execve %q again, bye!", binPath)
+	err := syscall.Exec(binPath, args, []string{})
+	return fmt.Errorf("error executing %s: %v", binPath, err)
 }